Showing results for 
Search instead for 
Did you mean: 
Post a Question
Nüüül inside API / CLI Discussion and Samples 7 hours ago
views 855 8 10

IPS Update Monitoring

Hi,I wrote a small script, using the SDK from Checkpoint (GitHub - CheckPointSW/cp_mgmt_api_python_sdk: Check Point API Python Development Kit ) for checking IPS Updates with my Monitoring Server (Centreon, based on Nagios, more or less )For the login, the SDK is used (i changed one option in Login part of (unsafe_auto_accept --> true) should work with the default - false - too, but was easier for me.After successful logging in, we are parsing the API output from show-ip-status and comparing it with i.e actual date or "update available".After some calculating and comparing the script gives output, understandable for Nagios based systems.UNKNOWN = -1 - OK = 0 - WARNING = 1 - CRITICAL = 2GoodBad:And there is a state WARNING for 1 - 3 Days Delta from IPS UpdateThe Thresholds are freely configurable (on daily base).What would be good, is a possibility to get the current IPS Database version from Checkpoint, so, one might want to check the version against checkpoint, not, what the managment server found.I started working on this with the question of Sven Glock (IPS Monitoring ) in mind - maybe that kind of helps... and for my own of course To use it on Nagios Server you need:python installed (script worked with 2.7 and 3.7in the plugin folder i created an own "checkpoint" folder, containing the SDK and my script.Feel free to have a look, I´m sure, there is space for improvements.... Regards,Daniel
Two-Factor inside API / CLI Discussion and Samples 7 hours ago
views 246 3

Sample DLL Secure Authentication API (SAA)

Hello folks,Is it possible to get a working/sample DLL of Secure Authentication API (SAA)? Thanks,GH.
inside API / CLI Discussion and Samples 13 hours ago
views 580 2 5

GAIA REST APIs on demand

Hi All, As some of you already knows, we’ve recently released GAIA API version 1.2, the version includes new features and several enhancements (link) Along side the future I/S changes and fine tuning of our framework we will also target a few new APIs. I would like to use this thread and welcome you to share your opinion and suggest APIs which you’ll find useful. We will do our best to approach each of these requirements. Thanks, Tal
inside API / CLI Discussion and Samples 18 hours ago
views 719 5

Ansible warnings type (dict) to type ( string)

Hi team, I am trying to use ansible with Red Hat Enterprise server 8 for a customer. The Playbook created works fine, However i get warnings like the one shown below. I can login to the management server and the objects. Any workarounds or solutions for this?

GAIA API version 1.2 is now GA !

Hi all, I am happy to announce the release of GAIA API version 1.2 This version includes several stability fixes, fine tuning of the current I/S and new APIs. Some of the new capabilities of the new version: GAIA Groups management Show system routes (static and dynamic) Monitoring Cluster API Controlling password policy Show system diagnostics.Currently disk, memory and CPU are being monitor, more capabilities will be available in the future. Documentation: Examples per API Fine description of each API (default values per field and many more) I/S: Local loginUse the current SSH session to login to GAIA API and get a REST session (> gaia_api login)! Very useful - when it comes to scripting or running remove scripts via the mgmt. (run script feature) Info Use this link to check the recent APIs documentation Use this link to download the recent API engine and see the latest change-log Regards, Tal Martsiano

Get early access to our new Threat Prevention APIs

Take control of new Threat Prevention APIs powered by the largest Threat Cloud in the industry: URL Reputation – for a domain/URL returns the classification and risk in accessing the resource File Reputation – for a file digest (md5/sha1/sha256/sha512) returns the risk in downloading the file without the need to scan it IP Reputation - for an IP address returns it’s classification and risk in accessing a resource hosted on it Mail Security – upload an email for scanning against malware and phishing attacks, based on award winning Sandblast engines All APIs are RESTful, simple to use and can be integrated as part of a SOAR application, home-made application and more! If you’re a Check Point customer interested in participating in the early availability stage drop me a mail at
rkalidh inside API / CLI Discussion and Samples Thursday
views 2289 11

Export Policy using python

Hi all, Good day!!.Am new to check point and am trying to automate few tasks in check point. As a part of it, would like to automate policy export of all check point firewalls and send in mail for monthly review. : Export import package will help to export policies but when i run in python, am getting error as in attached screen shot. Am sure that something is missed.Please guide me if am not in right path.

Export rules.

Dear all, We want to export the rules as per following format from our firewall to carryout verification at our end. Currently we are not able to get any inbuilt function of API to do the work. Data required in following format : 1. Source : 2. Destination : 3. Port. We have groups in our firewall and rules may be given on the basis of group i.e. at the destination end or at source end, there may be a group of IPs. Aforementioned data should contains actual IPs & not the name of the groups.

Smartmove ASA services group

I use Smartmove to convert ASA configuration to R80.10, the Json or sh script created the service groups from the ASA configuration, but Json or sh script not use those service group when creating rules, it just simple add all members inside a service group into the "Services & Application" column. how to use service group in a rule instead of putting all group member in the rule ? Sunny

Could not establish secure channel for SSL/TLS over web service (R80.10)

Iam trying connect over powershell (invoke-webrequest) but got that error:Could not establish secure channel for SSL/TLS over web servicethat instruction is not helping 10 1809 x64how to use web api?

API Cluster build

Hello All,Can somebody tell me if there is any possibility how to add a Cluster to the Mgmt (CMA) over the API?I found only the "add-simple-gateway" but nothign else?Thanks for infoRadek

How to remove a domain from an MDS admin via API

hi all, I'm trying to automate the admin deployment to and existing MDS via api.I can easily add a domain to an administrator:# mgmt_cli -r true set administrator name admin123 permissions-profile.add.1.domain SGFRTDMBOQ001_domain permissions-profile.add.1.profile "Read Write All" --------------------------------------------- Time: [16:45:45] 11/6/2019 --------------------------------------------- "Publish operation" in progress (60%) --------------------------------------------- Time: [16:45:55] 11/6/2019 --------------------------------------------- "Publish operation" succeeded (100%)But I'm not able to remove it:# mgmt_cli -r true set administrator name admin123 permissions-profile.remove.domain SGFRTDMBOQ001_domain code: "generic_err_invalid_parameter" message: "Invalid parameter for [permissions-profile]. Invalid value" Executed command failed. Changes are discarded. # mgmt_cli -r true set administrator name admin123 permissions-profile.remove.1.domain SGFRTDMBOQ001_domain code: "generic_err_invalid_parameter" message: "Invalid parameter for [permissions-profile]. Invalid value" Executed command failed. Changes are discarded. # mgmt_cli -r true set administrator name admin123 permissions-profile.remove.domain SGFRTDMBOQ001_domain permissions-profile.remove.profile "Read Write All" code: "generic_err_invalid_parameter" message: "Invalid parameter for [permissions-profile]. Invalid value" Executed command failed. Changes are discarded. #Any ideas? Cheers,Martin

Adding a Server object from mgmt_cli

I am working through automating Site-to-Site VPN creation, specifically cert-based Site-to-Site VPN.Have been unable to find a way to create a Trusted CA Server object via mgmt_cli. Is this something that should be possible? Are there generic-object workarounds that could serve this purpose?Any insight is appreciated.
inside API / CLI Discussion and Samples a week ago
views 2415 17 27


Check Point Firewall CPView Database Graphing ToolExtract zip and run cpviewinsight.exeVersion 1.0.0 (CheckMates Page Version 1-2)Supports R77.30 to R80.10Version 1.1.1 (CheckMates Page Version 3)Supports R80.20Version 1.2.1 (CheckMates Page Version 4)Preliminary adds support for R8020SP CPView which is still unreleased.Threading implemented to 1.2.0 to prevent most locking scenarios of GUI.Crash handling to log unhandled exceptions.

Add users to existing access-role

Hello,I am trying to add an AD user to an existing group.Code I tried:set access-role name "Test_Access_Role" users "test1" machines "any" networks "any" remote-access-clients "any"Every command I enter returns an error message.what am I missing?